Search by CWE identifier - CERT epsilon
CWE ID Description
CWE-1004 The software uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag.
CWE-1007 The software displays information or identifiers to a user, but the display mechanism does not make it easy for the user to distinguish between visually similar or identical glyphs (homoglyphs), which may cause the user to misinterpret a glyph and perform an unintended, insecure action.
CWE-102 The application uses multiple validation forms with the same name, which might cause the Struts Validator to validate a form that the programmer does not expect.
CWE-1021 The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.
CWE-1022 The web application produces links to untrusted external sites outside of its sphere of control, but it does not properly prevent the external site from modifying security-critical properties of the window.opener object, such as the location property.
CWE-1023 The software performs a comparison between entities that must consider multiple factors or characteristics of each entity, but the comparison does not include one or more of these factors.
CWE-1024 The software performs a comparison between two entities, but the entities are of different, incompatible types that cannot be guaranteed to provide correct results when they are directly compared.
CWE-1025 The code performs a comparison between two entities, but the comparison examines the wrong factors or characteristics of the entities, which can lead to incorrect results and resultant weaknesses.
CWE-103 The application has a validator form that either does not define a validate() method, or defines a validate() method but does not call super.validate().
CWE-1037 The developer builds a security-critical protection mechanism into the software, but the processor optimizes the execution of the program such that the mechanism is removed or modified.